1 | <?php |
||
2 | /** |
||
3 | * Get user's global privileges and some db-specific privileges |
||
4 | */ |
||
5 | |||
6 | declare(strict_types=1); |
||
7 | |||
8 | namespace PhpMyAdmin; |
||
9 | |||
10 | use PhpMyAdmin\Query\Utilities; |
||
11 | use function mb_strpos; |
||
12 | use function mb_substr; |
||
13 | use function preg_match; |
||
14 | use function preg_replace; |
||
15 | use function strpos; |
||
16 | |||
17 | /** |
||
18 | * PhpMyAdmin\CheckUserPrivileges class |
||
19 | */ |
||
20 | class CheckUserPrivileges |
||
21 | { |
||
22 | /** @var DatabaseInterface */ |
||
23 | private $dbi; |
||
24 | |||
25 | /** |
||
26 | * @param DatabaseInterface $dbi DatabaseInterface object |
||
27 | */ |
||
28 | 348 | public function __construct(DatabaseInterface $dbi) |
|
29 | { |
||
30 | 348 | $this->dbi = $dbi; |
|
31 | 348 | } |
|
32 | |||
33 | /** |
||
34 | * Extracts details from a result row of a SHOW GRANT query |
||
35 | * |
||
36 | * @param string $row grant row |
||
37 | * |
||
38 | * @return array |
||
39 | */ |
||
40 | 8 | public function getItemsFromShowGrantsRow(string $row): array |
|
41 | { |
||
42 | 8 | $db_name_offset = mb_strpos($row, ' ON ') + 4; |
|
43 | |||
44 | 8 | $tblname_end_offset = mb_strpos($row, ' TO '); |
|
45 | 8 | $tblname_start_offset = false; |
|
46 | 8 | $__tblname_start_offset = mb_strpos($row, '`.', $db_name_offset); |
|
47 | |||
48 | 8 | if ($__tblname_start_offset && $__tblname_start_offset < $tblname_end_offset) { |
|
49 | 8 | $tblname_start_offset = $__tblname_start_offset + 1; |
|
50 | } |
||
51 | |||
52 | 8 | if (! $tblname_start_offset) { |
|
0 ignored issues
–
show
|
|||
53 | 8 | $tblname_start_offset = mb_strpos($row, '.', $db_name_offset); |
|
54 | } |
||
55 | |||
56 | 8 | $show_grants_dbname = mb_substr( |
|
57 | 8 | $row, |
|
58 | 8 | $db_name_offset, |
|
59 | 8 | $tblname_start_offset - $db_name_offset |
|
60 | ); |
||
61 | |||
62 | 8 | $show_grants_dbname = Util::unQuote($show_grants_dbname, '`'); |
|
63 | |||
64 | 8 | $show_grants_str = mb_substr( |
|
65 | 8 | $row, |
|
66 | 8 | 6, |
|
67 | 8 | mb_strpos($row, ' ON ') - 6 |
|
68 | ); |
||
69 | |||
70 | 8 | $show_grants_tblname = mb_substr( |
|
71 | 8 | $row, |
|
72 | 8 | $tblname_start_offset + 1, |
|
73 | 8 | $tblname_end_offset - $tblname_start_offset - 1 |
|
74 | ); |
||
75 | 8 | $show_grants_tblname = Util::unQuote($show_grants_tblname, '`'); |
|
76 | |||
77 | return [ |
||
78 | 8 | $show_grants_str, |
|
79 | 8 | $show_grants_dbname, |
|
80 | 8 | $show_grants_tblname, |
|
81 | ]; |
||
82 | } |
||
83 | |||
84 | /** |
||
85 | * Check if user has required privileges for |
||
86 | * performing 'Adjust privileges' operations |
||
87 | * |
||
88 | * @param string $show_grants_str string containing grants for user |
||
89 | * @param string $show_grants_dbname name of db extracted from grant string |
||
90 | * @param string $show_grants_tblname name of table extracted from grant string |
||
91 | */ |
||
92 | 4 | public function checkRequiredPrivilegesForAdjust( |
|
93 | string $show_grants_str, |
||
94 | string $show_grants_dbname, |
||
95 | string $show_grants_tblname |
||
96 | ): void { |
||
97 | // '... ALL PRIVILEGES ON *.* ...' OR '... ALL PRIVILEGES ON `mysql`.* ..' |
||
98 | // OR |
||
99 | // SELECT, INSERT, UPDATE, DELETE .... ON *.* OR `mysql`.* |
||
100 | 4 | if ($show_grants_str != 'ALL' |
|
101 | 4 | && $show_grants_str != 'ALL PRIVILEGES' |
|
102 | 4 | && (mb_strpos( |
|
103 | 4 | $show_grants_str, |
|
104 | 4 | 'SELECT, INSERT, UPDATE, DELETE' |
|
105 | 4 | ) === false) |
|
106 | ) { |
||
107 | return; |
||
108 | } |
||
109 | |||
110 | 4 | if ($show_grants_dbname == '*' |
|
111 | 4 | && $show_grants_tblname == '*' |
|
112 | ) { |
||
113 | 4 | $GLOBALS['col_priv'] = true; |
|
114 | 4 | $GLOBALS['db_priv'] = true; |
|
115 | 4 | $GLOBALS['proc_priv'] = true; |
|
116 | 4 | $GLOBALS['table_priv'] = true; |
|
117 | |||
118 | 4 | if ($show_grants_str == 'ALL PRIVILEGES' |
|
119 | 4 | || $show_grants_str == 'ALL' |
|
120 | ) { |
||
121 | 4 | $GLOBALS['is_reload_priv'] = true; |
|
122 | } |
||
123 | } |
||
124 | |||
125 | // check for specific tables in `mysql` db |
||
126 | // Ex. '... ALL PRIVILEGES on `mysql`.`columns_priv` .. ' |
||
127 | 4 | if ($show_grants_dbname != 'mysql') { |
|
128 | 4 | return; |
|
129 | } |
||
130 | |||
131 | 3 | switch ($show_grants_tblname) { |
|
132 | 4 | case 'columns_priv': |
|
133 | $GLOBALS['col_priv'] = true; |
||
134 | break; |
||
135 | 4 | case 'db': |
|
136 | 4 | $GLOBALS['db_priv'] = true; |
|
137 | 4 | break; |
|
138 | 4 | case 'procs_priv': |
|
139 | $GLOBALS['proc_priv'] = true; |
||
140 | break; |
||
141 | 4 | case 'tables_priv': |
|
142 | $GLOBALS['table_priv'] = true; |
||
143 | break; |
||
144 | 4 | case '*': |
|
145 | 4 | $GLOBALS['col_priv'] = true; |
|
146 | 4 | $GLOBALS['db_priv'] = true; |
|
147 | 4 | $GLOBALS['proc_priv'] = true; |
|
148 | 4 | $GLOBALS['table_priv'] = true; |
|
149 | 4 | break; |
|
150 | default: |
||
151 | } |
||
152 | 4 | } |
|
153 | |||
154 | /** |
||
155 | * sets privilege information extracted from SHOW GRANTS result |
||
156 | * |
||
157 | * Detection for some CREATE privilege. |
||
158 | * |
||
159 | * Since MySQL 4.1.2, we can easily detect current user's grants using $userlink |
||
160 | * (no control user needed) and we don't have to try any other method for |
||
161 | * detection |
||
162 | * |
||
163 | * @todo fix to get really all privileges, not only explicitly defined for this user |
||
164 | * from MySQL manual: (https://dev.mysql.com/doc/refman/5.0/en/show-grants.html) |
||
165 | * SHOW GRANTS displays only the privileges granted explicitly to the named |
||
166 | * account. Other privileges might be available to the account, but they are not |
||
167 | * displayed. For example, if an anonymous account exists, the named account |
||
168 | * might be able to use its privileges, but SHOW GRANTS will not display them. |
||
169 | */ |
||
170 | 300 | private function analyseShowGrant(): void |
|
171 | { |
||
172 | 300 | if (Util::cacheExists('is_create_db_priv')) { |
|
173 | 40 | $GLOBALS['is_create_db_priv'] = Util::cacheGet( |
|
174 | 40 | 'is_create_db_priv' |
|
175 | ); |
||
176 | 40 | $GLOBALS['is_reload_priv'] = Util::cacheGet( |
|
177 | 40 | 'is_reload_priv' |
|
178 | ); |
||
179 | 40 | $GLOBALS['db_to_create'] = Util::cacheGet( |
|
180 | 40 | 'db_to_create' |
|
181 | ); |
||
182 | 40 | $GLOBALS['dbs_where_create_table_allowed'] = Util::cacheGet( |
|
183 | 40 | 'dbs_where_create_table_allowed' |
|
184 | ); |
||
185 | 40 | $GLOBALS['dbs_to_test'] = Util::cacheGet( |
|
186 | 40 | 'dbs_to_test' |
|
187 | ); |
||
188 | |||
189 | 40 | $GLOBALS['db_priv'] = Util::cacheGet( |
|
190 | 40 | 'db_priv' |
|
191 | ); |
||
192 | 40 | $GLOBALS['col_priv'] = Util::cacheGet( |
|
193 | 40 | 'col_priv' |
|
194 | ); |
||
195 | 40 | $GLOBALS['table_priv'] = Util::cacheGet( |
|
196 | 40 | 'table_priv' |
|
197 | ); |
||
198 | 40 | $GLOBALS['proc_priv'] = Util::cacheGet( |
|
199 | 40 | 'proc_priv' |
|
200 | ); |
||
201 | |||
202 | 40 | return; |
|
203 | } |
||
204 | |||
205 | // defaults |
||
206 | 300 | $GLOBALS['is_create_db_priv'] = false; |
|
207 | 300 | $GLOBALS['is_reload_priv'] = false; |
|
208 | 300 | $GLOBALS['db_to_create'] = ''; |
|
209 | 300 | $GLOBALS['dbs_where_create_table_allowed'] = []; |
|
210 | 300 | $GLOBALS['dbs_to_test'] = Utilities::getSystemSchemas(); |
|
211 | 300 | $GLOBALS['proc_priv'] = false; |
|
212 | 300 | $GLOBALS['db_priv'] = false; |
|
213 | 300 | $GLOBALS['col_priv'] = false; |
|
214 | 300 | $GLOBALS['table_priv'] = false; |
|
215 | |||
216 | 300 | $rs_usr = $this->dbi->tryQuery('SHOW GRANTS'); |
|
217 | |||
218 | 300 | if (! $rs_usr) { |
|
219 | return; |
||
220 | } |
||
221 | |||
222 | 300 | $re0 = '(^|(\\\\\\\\)+|[^\\\\])'; // non-escaped wildcards |
|
223 | 300 | $re1 = '(^|[^\\\\])(\\\)+'; // escaped wildcards |
|
224 | |||
225 | 300 | while ($row = $this->dbi->fetchRow($rs_usr)) { |
|
226 | [ |
||
227 | $show_grants_str, |
||
228 | $show_grants_dbname, |
||
229 | $show_grants_tblname, |
||
230 | ] = $this->getItemsFromShowGrantsRow($row[0]); |
||
231 | |||
232 | if ($show_grants_dbname == '*') { |
||
233 | if ($show_grants_str != 'USAGE') { |
||
234 | $GLOBALS['dbs_to_test'] = false; |
||
235 | } |
||
236 | } elseif ($GLOBALS['dbs_to_test'] !== false) { |
||
237 | $GLOBALS['dbs_to_test'][] = $show_grants_dbname; |
||
238 | } |
||
239 | |||
240 | if (mb_strpos($show_grants_str, 'RELOAD') !== false) { |
||
241 | $GLOBALS['is_reload_priv'] = true; |
||
242 | } |
||
243 | |||
244 | // check for the required privileges for adjust |
||
245 | $this->checkRequiredPrivilegesForAdjust( |
||
246 | $show_grants_str, |
||
247 | $show_grants_dbname, |
||
248 | $show_grants_tblname |
||
249 | ); |
||
250 | |||
251 | /** |
||
252 | * @todo if we find CREATE VIEW but not CREATE, do not offer |
||
253 | * the create database dialog box |
||
254 | */ |
||
255 | if ($show_grants_str == 'ALL' |
||
256 | || $show_grants_str == 'ALL PRIVILEGES' |
||
257 | || $show_grants_str == 'CREATE' |
||
258 | || strpos($show_grants_str, 'CREATE,') !== false |
||
259 | ) { |
||
260 | if ($show_grants_dbname == '*') { |
||
261 | // a global CREATE privilege |
||
262 | $GLOBALS['is_create_db_priv'] = true; |
||
263 | $GLOBALS['is_reload_priv'] = true; |
||
264 | $GLOBALS['db_to_create'] = ''; |
||
265 | $GLOBALS['dbs_where_create_table_allowed'][] = '*'; |
||
266 | // @todo we should not break here, cause GRANT ALL *.* |
||
267 | // could be revoked by a later rule like GRANT SELECT ON db.* |
||
268 | break; |
||
269 | } |
||
270 | |||
271 | // this array may contain wildcards |
||
272 | $GLOBALS['dbs_where_create_table_allowed'][] = $show_grants_dbname; |
||
273 | |||
274 | $dbname_to_test = Util::backquote($show_grants_dbname); |
||
275 | |||
276 | if ($GLOBALS['is_create_db_priv']) { |
||
277 | // no need for any more tests if we already know this |
||
278 | continue; |
||
279 | } |
||
280 | |||
281 | // does this db exist? |
||
282 | if ((preg_match('/' . $re0 . '%|_/', $show_grants_dbname) |
||
283 | && ! preg_match('/\\\\%|\\\\_/', $show_grants_dbname)) |
||
284 | || (! $this->dbi->tryQuery( |
||
285 | 'USE ' . preg_replace( |
||
286 | '/' . $re1 . '(%|_)/', |
||
287 | '\\1\\3', |
||
288 | $dbname_to_test |
||
289 | ) |
||
290 | ) |
||
291 | && mb_substr($this->dbi->getError(), 1, 4) != 1044) |
||
292 | ) { |
||
293 | /** |
||
294 | * Do not handle the underscore wildcard |
||
295 | * (this case must be rare anyway) |
||
296 | */ |
||
297 | $GLOBALS['db_to_create'] = preg_replace( |
||
298 | '/' . $re0 . '%/', |
||
299 | '\\1', |
||
300 | $show_grants_dbname |
||
301 | ); |
||
302 | $GLOBALS['db_to_create'] = preg_replace( |
||
303 | '/' . $re1 . '(%|_)/', |
||
304 | '\\1\\3', |
||
305 | $GLOBALS['db_to_create'] |
||
306 | ); |
||
307 | $GLOBALS['is_create_db_priv'] = true; |
||
308 | |||
309 | /** |
||
310 | * @todo collect $GLOBALS['db_to_create'] into an array, |
||
311 | * to display a drop-down in the "Create database" dialog |
||
312 | */ |
||
313 | // we don't break, we want all possible databases |
||
314 | //break; |
||
315 | } // end if // end elseif |
||
316 | } // end if |
||
317 | } // end while |
||
318 | |||
319 | 300 | $this->dbi->freeResult($rs_usr); |
|
320 | |||
321 | // must also cacheUnset() them in |
||
322 | // PhpMyAdmin\Plugins\Auth\AuthenticationCookie |
||
323 | 300 | Util::cacheSet('is_create_db_priv', $GLOBALS['is_create_db_priv']); |
|
324 | 300 | Util::cacheSet('is_reload_priv', $GLOBALS['is_reload_priv']); |
|
325 | 300 | Util::cacheSet('db_to_create', $GLOBALS['db_to_create']); |
|
326 | 300 | Util::cacheSet( |
|
327 | 300 | 'dbs_where_create_table_allowed', |
|
328 | 300 | $GLOBALS['dbs_where_create_table_allowed'] |
|
329 | ); |
||
330 | 300 | Util::cacheSet('dbs_to_test', $GLOBALS['dbs_to_test']); |
|
331 | |||
332 | 300 | Util::cacheSet('proc_priv', $GLOBALS['proc_priv']); |
|
333 | 300 | Util::cacheSet('table_priv', $GLOBALS['table_priv']); |
|
334 | 300 | Util::cacheSet('col_priv', $GLOBALS['col_priv']); |
|
335 | 300 | Util::cacheSet('db_priv', $GLOBALS['db_priv']); |
|
336 | 300 | } |
|
337 | |||
338 | /** |
||
339 | * Get user's global privileges and some db-specific privileges |
||
340 | */ |
||
341 | 340 | public function getPrivileges(): void |
|
342 | { |
||
343 | 340 | $username = ''; |
|
344 | |||
345 | 340 | $current = $this->dbi->getCurrentUserAndHost(); |
|
346 | 340 | if (! empty($current)) { |
|
347 | 300 | [$username] = $current; |
|
348 | } |
||
349 | |||
350 | // If MySQL is started with --skip-grant-tables |
||
351 | 340 | if ($username === '') { |
|
352 | 52 | $GLOBALS['is_create_db_priv'] = true; |
|
353 | 52 | $GLOBALS['is_reload_priv'] = true; |
|
354 | 52 | $GLOBALS['db_to_create'] = ''; |
|
355 | 52 | $GLOBALS['dbs_where_create_table_allowed'] = ['*']; |
|
356 | 52 | $GLOBALS['dbs_to_test'] = false; |
|
357 | 52 | $GLOBALS['db_priv'] = true; |
|
358 | 52 | $GLOBALS['col_priv'] = true; |
|
359 | 52 | $GLOBALS['table_priv'] = true; |
|
360 | 52 | $GLOBALS['proc_priv'] = true; |
|
361 | } else { |
||
362 | 300 | $this->analyseShowGrant(); |
|
363 | } |
||
364 | 340 | } |
|
365 | } |
||
366 |
In PHP, under loose comparison (like
==
, or!=
, orswitch
conditions), values of different types might be equal.For
integer
values, zero is a special case, in particular the following results might be unexpected: